20

On the Android 4.0 (Samsung Galaxy Nexus) there is a possibility to encrypt the phone. I found this about the encryption on Android 3.0; are the same algorithms used in Android 4? http://source.android.com/tech/encryption/android_crypto_implementation.html

My main question concerns the use of a PIN code to decrypt your phone. Why am I forced to use the same password to unlock my screen and to decrypt my phone? This restriction will only allow me to use a password of low complexity (like a PIN number) since it would be too hard to write in i.e. 17 characters to unlock my phone for a simple phone call.

Brute force attempts against the screen unlock could be prevented i.e. by a forced reboot every 5 tries. So there is not any need for a very strong password there, a PIN might be good enough.
This type of protection cannot be used on the disc, thus there is a greater need for stronger passwords here. (It doesn't help much that the entropy of passwords has increased since there will be very few users with a complex password, so an attacker could simply try most passwords with low complexity). What is the reasoning behind being forced to use the same password for both features?

Christopher

5 Answers

2

You can use this command on a root shell to change the encryption password:

su -c vdc cryptfs changepw <new_password>

Where <new_password> should be replaced by your password.

Source: http://nelenkov.blogspot.be/2012/08/changing-androids-disk-encryption.html

Wim Coenen
1

By using a password/phrase vs four digit pin, you are increasing the security of your device. The trick of it is, even by having a four character password, you've just increased your security for two reasons:

  • You've increased the available characters.
  • You've taken away the attacker's knowledge of your pw length.

If an attacker knows your password is 14 characters, it is more secure than a four or eight character password, but typical statistics use ranges (1-4, 1-8, 1-14) and not the reality (which would be simply calculating one length's available combinations).

Currently, it is simply WAY TOO EASY to access your phone's data. Your grandmother has the capability of doing so (No offense to you or your family :P). So, while you're right that there are limitations of this encryption, the 'broken' version works A LOT better than non-encrypted data currently practiced.

It is up to you to judge how sensitive and private your data is, as well as how much of a target you are for such data to be stolen. Choosing an appropriate password is your responsibility once you've assessed these risks.

earthmeLon
1

If you're trying to crack the disk encryption, independent of the rest of the device in a scenario where you have a powered off device, or just the memory chips, then this is a different attack vector than that used on a powered-on password protected device where the decryption key may be held in memory (leading to vulnerabilities used by things like the Firewire encryption key stealers prevalent on PCs using older FDE encryption software and not a TPM-type module), or the unlock screen could be brute-forced (or have its own vulnerabilities).

If you're attacking the disk directly then in this case you're not attacking the 4-digit PIN or user password that's encrypting the device, what you're attacking is the 128 bit AES key:

The master key is a 128 bit number created by reading from /dev/urandom. It is encrypted with a hash of the user password created with the PBKDF2 function from the SSL library. The footer also contains a random salt (also read from /dev/urandom) used to add entropy to the hash from PBKDF2, and prevent rainbow table attacks on the password.

From point 4 under "Enabling encryption on the device" of the Notes on the implementation of encryption in Android 3.0 that you linked to.

(was going to be a comment but ended up far too long)

GAThrawn
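An added example (not part of any answer above, and not Android's code) that sizes the password policies discussed in the question and in earthmeLon's answer against the PBKDF2 derivation described in the implementation notes quoted by GAThrawn. The iteration count, the SHA-1 PRF and the 94-character printable alphabet are assumptions, since the page states none of them.

```python
import hashlib
import math
import os
import string
import time

KEY_BYTES = 16      # 128-bit master key, per the quoted implementation notes
ITERATIONS = 2000   # assumption: the page does not state the iteration count
PRF = "sha1"        # assumption: the page does not name the PBKDF2 hash
PRINTABLE = string.digits + string.ascii_letters + string.punctuation  # assumed alphabet

def derive_kek(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive the key that wraps the random master key stored in the footer."""
    return hashlib.pbkdf2_hmac(PRF, password.encode(), salt, iterations, KEY_BYTES)

def keyspace(alphabet_size: int, max_len: int, min_len: int = 1) -> int:
    """Number of candidates when only a length range (min_len..max_len) is known."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def seconds_per_derivation(samples: int = 20) -> float:
    """Measure what one PBKDF2 derivation costs on this machine (single core)."""
    salt = os.urandom(16)  # random salt, as the footer uses
    start = time.perf_counter()
    for i in range(samples):
        derive_kek(str(i), salt)
    return (time.perf_counter() - start) / samples

def report(policies: dict) -> list:
    """Return (policy, equivalent bits, seconds to derive every candidate once)."""
    cost = seconds_per_derivation()
    return [(name, math.log2(size), size * cost) for name, size in policies.items()]

POLICIES = {
    "4-digit PIN": keyspace(10, 4, 4),
    "PIN, 1-8 digits": keyspace(10, 8),
    "4 printable chars": keyspace(len(PRINTABLE), 4, 4),
    "1-14 printable chars": keyspace(len(PRINTABLE), 14),
}

if __name__ == "__main__":
    for name, bits, secs in report(POLICIES):
        print(f"{name:22s} {bits:6.1f} bits  full sweep {secs:.3g} s on one core")
    print(f"{'random master key':22s} {KEY_BYTES * 8:6.1f} bits")
```

The "bits" column is what makes the policies comparable with the 128-bit master key; the timing column depends entirely on the assumed iteration count and the machine it runs on.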
1

One possible solution for this is to use WhisperCore, but it requires you to root your device.

I have also filed a feature request at the Android project page.

0

If you have remote wipe enabled (assuming it still works with an encrypted device), the PIN may not secure your device forever, but it may do so long enough to give you time to wipe your device.

Chance